The CCIE RS coaching is carried out at CCIE coaching colleges, which has tutors, lecturers, and boot camps. Inside of the CCIE, there are actually six tracks, significantly, Storage Networking, Voice and Wi-fi, Routing & Switching, Service Provider, and Security. This examination is considered to be pretty tough and excellent one to clear, providing you with technical experience and dedication. This also makes you a member of an exclusive group of pros, makes your resume look grand, and will increase your credibility.

Moving forward in career could be the ambition of most IT professionals. CCIE RS coaching will provide the platform to supply a bonus inside of the job market.  Once you begin in search of higher opportunities in or exterior your company, the CCIE certification will provide help to attain your objective simply on this aggressive planet.

You'll have many reasons for taking CCIE RS coaching; getting excessive salary could possibly be considered one of them. Getting this certification will not be a simple work; it takes years, sometimes, to clear the exams. It takes eighteen months and a whole bunch of dollars to clear this examination, that is why there's large marketplace for such licensed experts. The plus side to it is that, with such limited certified gurus and high demand for them, the salaries furnished are extraordinarily high.

After receiving the CCIE RS coaching, you might be thought of to be an knowledgeable in the networking field. Subsequently, if a tough scenario arises, you might be at all times called in to settle the problem. When you will have this certification, you may be acknowledged worldwide for having high qualification within just the networking and technology industry.

It will be essential to understand the general means of CCIE RS coaching examination, so that you will understand the form of instruction which can be needed. This examination consists of two principal elements, the written, and the lab exam. The written half is of two hours size containing a number of-choice question. You'll be able to sit for the lab examination only if you are successful in the written examination.  The lab examination is an eight-hour one that can take a look at your capacity to put collectively networking and software equipment and your troubleshooting ability.  Three years are offered for passing the lab examination, after which you absolutely need to reappear for the written test before continuing for the lab exam again.

A lot of the candidates showing for the CCIE RS exercise examination do not go on the first attempt. Nonetheless, there is fairly a high price of success inside the second attempt. To enhance the probabilities of success in this examination, you should research the subjects that are test specific. One essential issue to be kept in thoughts is that, after receiving this certificate, you should recertify each two years.

Consider studying concerning the expertise in every area as listed inside of the Cisco blueprint. It truly is recommended to have not less than four hundred hours of lab follow utilising a simulated gear as a way for you to succeed inside the CCIE security lab test. Dedicate a part of your day in mastering every topic. You can get various study materials obtainable available in the market for better understanding of the subjects talked about within just the blueprint of Cisco. They assist you to in making ready yourself by way of the aid of structured software. You'll be able to spend money on a good schooling application, which lets you improve your amount of expertise.

You can go for online education packages from reputed corporations, which provide observe assessments and different helpful services to enhance your skills. CCIE safety can be utilized as a ladder in the direction of success. It's always accepted as a recognized certification application in the networking industry worldwide. A CCIE in security will open the gateway towards a shiny career.

Router1#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router1(config)#interface BRI0/0

Router1(config-if)#encapsulation ppp

Router1(config-if)#dialer pool-member 1

Router1(config-if)#isdn switch-type basic-ni

Router1(config-if)#isdn spid1 800555123400 5551234

Router1(config-if)#isdn spid2 800555123500 5551235

Router1(config-if)#ppp authentication chap

Router1(config-if)#exit

Router1(config)#interface BRI0/1

Router1(config-if)#encapsulation ppp

Router1(config-if)#dialer pool-member 1

Router1(config-if)#isdn switch-type basic-ni

Router1(config-if)#isdn spid1 800555123600 5551236

Router1(config-if)#isdn spid2 800555123700 5551237

Router1(config-if)#ppp authentication chap

Router1(config-if)#exit

Router1(config)#interface Dialer1

Router1(config-if)#ip address 10.1.99.55 255.255.255.0

Router1(config-if)#encapsulation ppp

Router1(config-if)#dialer remote-name dialhost

Router1(config-if)#dialer pool 1

Router1(config-if)#dialer idle-timeout 300

Router1(config-if)#dialer string 95551212

Router1(config-if)#dialer load-threshold 50 either

Router1(config-if)#dialer-group 1

Router1(config-if)#ppp authentication chap

Router1(config-if)#ppp multilink

Router1(config-if)#exit

Router1(config)#username dialhost password dialpassword

Router1(config)#ip route 0.0.0.0 0.0.0.0 10.1.99.1 180

Router1(config)#dialer-list 1 protocol ip list 101

Router1(config)#access-list 101 deny eigrp any any

Router1(config)#access-list 101 permit ip any any

Router1(config)#router eigrp 55

Router1(config-router)#network 10.0.0.0

Router1(config-router)#end

Router1#

Dialer interfaces are particularly useful for the server side, where you can use them to bond together several ISDN BRI or PRI circuits:

dialhost#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

dialhost(config)#username Router1 password dialpassword

dialhost(config)#controller T1 0

dialhost(config-controller)#framing esf

dialhost(config-controller)#clock source line primary

dialhost(config-controller)#linecode b8zs

dialhost(config-controller)#pri-group timeslots 1-24

dialhost(config-controller)#exit

dialhost(config)#interface Serial0:23

dialhost(config-if)#encapsulation ppp

dialhost(config-if)#dialer rotary-group 1

dialhost(config-if)#dialer-group 1

dialhost(config-if)#isdn switch-type primary-dms100

dialhost(config-if)#isdn not-end-to-end 56

dialhost(config-if)#exit

dialhost(config)#interface Dialer1

dialhost(config-if)#ip address 10.1.99.1 255.255.255.0

dialhost(config-if)#encapsulation ppp

dialhost(config-if)#dialer in-band

dialhost(config-if)#dialer idle-timeout 300

dialhost(config-if)#dialer-group 1

dialhost(config-if)#no peer default ip address

dialhost(config-if)#ppp authentication chap

dialhost(config-if)#ppp multilink

dialhost(config-if)#exit

dialhost(config)#access-list 101 deny eigrp any any

dialhost(config)#access-list 101 permit ip any any

dialhost(config)#dialer-list 1 protocol ip list 101

dialhost(config)#router eigrp 55

dialhost(config-router)#network 10.0.0.0

dialhost(config-router)#exit

dialhost(config)#end

dialhost#

this time we have created a logical Dialer1 interface instead of using a dialer map command. The effect is the same. But with dialer interfaces, you have the advantage of being able to bond several different physical links into a single PPP multilink bundle.

In the first example, we have included two ISDN BRI interfaces, which gives us an effective total bandwidth of 256 Kbps for the backup link. we have included a dialer load-threshold command so the router will only bring up these additional B channels if it requires them.

First, notice that we have not included any IP addresses or any of the dialer configuration information on the physical interfaces. Instead, we put all of this information in the configuration of the logical dialer interface.

Then, to associate these physical interfaces with this particular logical interface, we use the dialer pool-member command on the physical interfaces and the dialer pool command on the dialer interface. In this example, we have created dialer pool number 1 on the interface, Dialer1, and assigned the two BRI interfaces to this pool. The dialer interface number is arbitrary. The only thing that matters is that the dialer pool numbers match the dialer pool-member numbers.

Because there is no dialer map command to define the telephone number to call, the destination hostname and the destination IP address, we have to configure these separately. First, we set up the remote hostname and the dialer string (which defines the destination phone number) as follows:

Router1(config)#interface Dialer1

Router1(config-if)#dialer remote-name dialhost

Router1(config-if)#dialer string 95551212

we include a floating static route to trigger the dial backup:

Router1(config)#ip route 0.0.0.0 0.0.0.0 10.1.99.1 180

The second example in this recipe shows a sample server-side configuration. In many ways, it is similar to the branch, but there also a few key differences. The first difference is that the server is configured to use a PRI rather than a BRI circuit. In this case, the router uses a built-in T1 CSU, so we need to define the framing, line coding, and how the T1 time slices work:

dialhost(config)#controller T1 0

dialhost(config-controller)#framing esf

dialhost(config-controller)#clock source line primary

dialhost(config-controller)#linecode b8zs

dialhost(config-controller)#pri-group timeslots 1-24

dialhost(config-controller)#exit

This represents the most common options, Extended Super Frame (ESF) framing with Binary 8-Zero Substitution (B8ZS) line coding. And we will draw the clock from the circuit, rather than generating it in the router. The most important part of this is the definition of the T1 time slots. In this case, we have grouped all of 23 B channels and the D channel into a single PRI group. This reflects the fact that we purchased this circuit as a whole T1. However, you could just as easily work with a fractional T1 PRI circuit that only includes some of the available time slots.

Once we have defined the T1 time slots for the PRI circuit, we can then configure the circuit for dialup:

dialhost(config)#interface Serial0:23

dialhost(config-if)#encapsulation ppp

dialhost(config-if)#dialer rotary-group 1

dialhost(config-if)#dialer-group 1

dialhost(config-if)#isdn switch-type primary-dms100

dialhost(config-if)#isdn not-end-to-end 56

dialhost(config-if)#exit

The name of this interface, Serial0:23, means that we are working with the circuit attached to interface Serial0, and that it includes 23 time slices. In this example, the telephone company's ISDN switch is a Nortel DMS100, so we have to configure it with the isdn switch-type command. The encapsulation ppp and the dialer-group commands are familiar from previous examples, but there are a couple of other options here.

The first new feature is the dialer rotary-group command. This is a useful variation on some of the dialer commands that we discussed earlier. Because the argument of this command is the number 1, this assigns this physical interface to be a member of a rotary group that is associated with the virtual interface, Dialer1. A rotary group is similar to any other dialer group, but it allows multiple simultaneous connections to different remote routers. This wasn't necessary for the branch routers, because they only ever dial to the one central router. But the host router must be able to accept calls from many branches at once.

The primary router doesn't require dialer map statements to accept inbound calls. These are only necessary for outbound calls. When the router receives a new inbound connection, it will create a dynamic map to associate the IP address with the dial connection.

The last command in this configuration is often required when using ISDN calls between different telephone companies, and particularly for long distance calls:

dialhost(config-if)#isdn not-end-to-end 56

By default, the router will assume that all calls use 64 Kbps ISDN B channels. But some regions use 56 Kbps instead of 64. And, worse still, sometimes you have a long distance call that starts and ends at 64 Kbps, but has a hidden leg of 56 Kbps in the middle of the carrier's network. In all of these cases, the router will drop the call by default because of the speed mismatch. This command manually forces the router to use 56 Kbps for all calls to prevent these speed mismatch problems.

The only tricky part of configuring a tunnel is making sure that the source of the tunnel on one router matches the destination on the other. In this case, Router1 uses a source IP address of 172.25.1.5, which happens to be its Ethernet port. If you look at the tunnel destination command on the other router, you will see that it matches. Similarly, the destination on the first router is 172.25.1.7, and the source is 172.25.1.5.

You could also use an alternative syntax, specifying the interface name, rather than the IP address:

Router5(config)#interface Tunnel3

Router5(config-if)#tunnel source Ethernet0

This points the tunnel source to the primary IP address on a particular interface on this router. It is crucial that this IP address match the destination address configured on the other router.

If you then look at the new tunnel interface, you will see that it is up:

Router1#show interfaces Tunnel1

Tunnel1 is up, line protocol is up

  Hardware is Tunnel

  Internet address is 192.168.35.6/30

  MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation TUNNEL, loopback not set

  Keepalive not set

  Tunnel source 172.25.1.5 (FastEthernet0), destination 172.25.1.7

  Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled

  Checksumming of packets disabled,  fast tunneling enabled

  Last input 00:11:08, output 00:00:08, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/0 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     5 packets input, 740 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     73 packets output, 6604 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 output buffer failures, 0 output buffers swapped out

Router1#

This is deceptive, though. Even if we remove the tunnel configuration from the other router, this interface will still appear to be up. Indeed, this tunnel interface will appear to be up even if you turn off the power on the far end router. In IOS Version 12.2(8)T, Cisco introduced a new keepalive option for GRE tunnels that overcomes this limitation. When you configure a tunnel with this new feature, the interface will go down if there are any connection problems:

Router1(config)#interface Tunnel1

Router1(config-if)#keepalive

By default, this keepalive command sends a packet through the tunnel to check its status once every 10 seconds. If there is no response to three successive polls, the router declares the tunnel interface to be down. So this will change the tunnel's status about 30 seconds after a failure.

You can adjust both the time interval and the number of retries. For example, to send a keepalive packet every 5 seconds, but to keep the default three retry limit, you could use the following command:

Router1(config)#interface Tunnel1

Router1(config-if)#keepalive 5

And if you want to change the number of retries, you can specify the new value after the time interval. The following example will send a keepalive packet every 3 seconds, and will declare the tunnel down if it doesn't hear a response back to two successive keepalive tests:

Router1(config)#interface Tunnel1

Router1(config-if)#keepalive 3 2

If you are concerned about the integrity of tunneled data, you can enable checksums on a GRE tunnel:

Router1(config)#interface Tunnel1

Router1(config-if)#tunnel checksum

When you turn on checksums, the router will verify the checksum of every GRE packet it receives and drop any packets that don't match. A similar feature checks to see if packets are received in the correct order:

Router1(config)#interface Tunnel1

Router1(config-if)#tunnel sequence-datagrams

When you enable the sequence-datagrams option, the router will drop any packets that it receives out of their correct order. These two options can be useful in networks that have a tendency to damage packets, or when there are multiple paths between the tunnel routers. Remember that GRE doesn't use TCP, so these features can help to improve the reliability of a tunnel connection. However, even when you enable these features, the routers will not resend dropped packets as TCP does.

We do suggest using some caution when you enable either checksums or sequencing on a GRE tunnel, because these features do not work with CEF. So as soon as you enable either of them, the router will have to resort to process switching, which could drive up your CPU utilization.

The tunnel used so far in all of the examples in this recipe hasn't specified any particular tunnel protocol, so the routers will use the default GRE protocol. If you prefer to use a different tunnel protocol, change it using the tunnel mode command as follows:

Router1(config)#interface Tunnel1

Router1(config-if)#tunnel mode ipip

Here we have opted to use the IP-in-IP tunnel protocol that we discussed in the introduction to this chapter. There are several other options for tunnel protocols, which we list in Table 12-1.

tunnel mode dvmrp

tunnel mode eon

tunnel mode gre ip

tunnel mode gre ip

tunnel mode gre ipv6

tunnel mode ipip

tunnel mode ipv6

tunnel mode mpls

tunnel mode nos

tunnel mode decapsulate-any

tunnel mode ipsec ipv4

tunnel mode aurp

tunnel mode cayman

tunnel mode iptalk

In the recipe example, the two routers shared an Ethernet segment, so the routing was trivial. But in practice, routing between the tunnel endpoints is often the most difficult thing to get right. As a result, the routing protocol will often decide that the best way to get to the tunnel's destination IP address is through the tunnel itself. This is called recursive routing, and it makes the tunnel useless. So when a router notices that it is routing GRE packets for a tunnel destination address through the same tunnel, it will automatically disable the tunnel with the following error message:

Jan 16 12:05:04 EST: %TUN-5-RECURDOWN: Tunnel1 temporarily disabled due to recursive routing

Jan 16 12:05:05 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to down

Cisco has attempted to reduce this problem by making the default bandwidth for all tunnel interfaces 9 Kbps. For most routing protocols, this means that you have to traverse several hops before the tunnel looks like a better path. But some protocols, most notably RIP, don't look at interface bandwidths. And it is important to bear in mind that no matter what protocol you use, at some point a single hop of 9 Kbps is going to look better than a large number of higher bandwidth hops.

The only way to avoid this problem is to ensure that there is always a good route to the tunnel destination that doesn't use the tunnel itself.

One of the inherent problems with tunnels is that the entire IP packet is stuffed inside of another IP packet, which effectively means that the maximum size for your packet payload is smaller. For example, a GRE packet has a 24-byte header. So if your network uses the standard 1,500 byte Ethernet MTU, the largest packet that you can put through the tunnel is 1,476 bytes. If the payload packet's Don't Fragment (DF) bit is not set, then the router will simply break up any larger packets before encapsulating the pieces into multiple (usually 2) GRE packets.

This is a problem because the extra overhead due to packet fragmentation and reassembly can cause extra delays. And if one of the fragments of a tunneled TCP packet is lost due to congestion in the network, all of the fragments constituting the original packet must be retransmitted, which makes the congestion problems worse.

For TCP connections you can use the ip tcp path-mtu-discovery global configuration command to tell the router to monitor for the ICMP "fragmentation needed but DF bit set" messages. These ICMP messages tell end devices to adjust their MTU values to match the maximum that the network can transmit end-to-end. However, GRE doesn't use TCP so this approach doesn't work. Fortunately, in 12.0(7)T3, Cisco introduced an equivalent Path MTU Discovery (PMTUD) command for use with GRE and IP-in-IP tunnels:

Router1(config)#interface Tunnel1

Router1(config-if)#tunnel path-mtu-discovery

This command tells the routers to set the DF bit in the headers of GRE and IP-in-IP tunnels, monitor for ICMP messages, and to adjust MTU values accordingly exactly the way it is done for TCP PMTUD.

Note that this is an ongoing process. The routers must check ever packet because there may be multiple paths through the network, each with different MTU restrictions. The larger the effective MTU, the greater the efficiency of the network, so it is important to make the MTU as large as the network can carry. So the PMTUD process allows the routers to periodically try larger packet sizes, just in case the network topology has changed, and the new path can support larger packets. You can adjust the length of time when the router will hold only a particular MTU value before resetting to the maximum by using the age-timer keyword:

Router1(config)#interface Tunnel1

Router1(config-if)#tunnel path-mtu-discovery age-timer 15

This keyword takes a time-out value expressed in minutes. The default is 10 minutes.

Starting in IOS Version 12.2(13)T, you can also specify a minimum MTU value that the tunnel will negotiate down to by using the min-mtu keyword. If the network wants packets smaller than this, then the routers will just fragment:

Router1(config)#interface Tunnel1

Router1(config-if)#tunnel path-mtu-discovery min-mtu 500

The default here is the minimum value of 92 bytes. This command was added because of a clever denial of service attack in which attackers sent repeated ICMP "fragmentation required but DF bit set" packets to routers running tunnel interfaces, compelling them to reduce their MTUs to unfeasibly small values.

CCIE examination entails two assessments, which might be a CCIE composed check plus a CCIE lab exam. In order to attempt the lab test, it's essential to crystal clear the composed examination. For those who are not within a placement to obvious the created examination the 1st time, you must check out to get a hundred and eighty days for retaking it. Subsequent to clearing the composed verify, it really is finest to create an strive for your CCIE lab test within 18 months. It you're unable to very clear the lab examination, then you definitely may want to re-try inside 12 months that has a watch to maintain the composed examination outcome valid.

It's a time limit of two hrs and it is carried out in a range of have a look at centers across the world. The subjects lined inside the published examination depend on the specialization or monitor you choose. For service provider, chances are you'll decide upon from classes like Cable, DSL, IP Telephony, Dial, Content material material Networking, Optical, WAN switching, and Metro Ethernet. Each created test is produced available inside the beta form at a value of $50 USD.

The CCIE lab test is exceptional in nature, as it's an eight-hour exam, which checks the facility belonging to the applicant to configure and troubleshoot networking machines. Cisco has higher degree of package in its CCIE labs to be used inside the lab exams. The blue print on the lab test is obtainable on its webpage. The lab examination just isn't accessible in the slightest degree Pearson VUE or Prometric testing centers.

A common CCIE R&S lab examination contains a two-hour hassle-taking pictures section by which that you're presented a collection of tickets for preconfigured networks inside the CCIE labs. It is advisable to have the ability to identify and resolve the faults. You can proceed towards the configuration part once you end the troubleshooting part.

A sound passing score is critical to attempt a CCIE Labs exam. Cisco uses the help of proctors to guage the candidates with the preliminary rounds in its CCIE labs located worldwide. Factors are awarded when a criterion is met and grading is carried out using some computerized tools. The outcomes of a lab examination are mirrored inside of forty eight hrs. A move/fail is projected throughout the end outcome and in case of a fail, the areas where you are lacking behind are talked about so as to put together properly earlier than a re-try.

Cisco stands out in the discipline of networking by providing a CCIE certification so that you can pursue your education as well as get acknowledged by a reputed organization. The CCIE lab test can be utilized being a platform to challenge your capability in varied tracks provided by Cisco. Attempting a lab examination requires rigorous exercise and big sense of understanding. The CCIE labs form step one to your substantial potential career.

Router#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#interface FastEthernet0/0

Router(config-if)#ip rsvp bandwidth 128 56

Router(config-if)#exit

Router(config)#end

Router#

Some network administrators have to worry about unauthorized use of bandwidth reservation. You can control this by specifying an access-list of allowed neighbor devices:

Router#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#access-list 15 permit ip 192.168.1.0 0.0.0.255

Router(config)#interface FastEthernet0/0

Router(config-if)#ip rsvp bandwidth 128 56

Router(config-if)#ip rsvp neighbor 15

Router(config-if)#exit

Router(config)#end

Router#

Note that before you can configure RSVP on an interface, you must first configure the interface for WFQ, CBWFQ, or WRED. This step is not included in this example, to make it easier to focus on the RSVP configuration. For examples of WFQ, CBWFQ, and WRED, please refer to Recipes 11.6, 11.7, and 11.9, respectively.

The first example tells the router to pay attention to RSVP signaling, and defines how much bandwidth can be reserved in the following command:

Router(config-if)#ip rsvp bandwidth 128 56

The first numerical argument, 128, specifies that applications can reserve a maximum aggregate bandwidth of 128 Kbps. The last argument, 56, means that the largest amount that a single application can request is 56 Kbps.

When you use the ip rsvp neighbor command, as in the second example, it is important to remember that this router receives RSVP reservation requests from neighboring devices. If this is an access router, then the neighboring device on the local LAN port could be an end device. But for other routers and other interfaces, it is likely that the RSVP request will come from another router, not from the end device making the initial request. So, for router-to-router connections, it may not be useful to specify an access list because all RSVP requests, legitimate or not, will come from a neighboring router. The best place to control which devices are allowed to reserve bandwidth is on the access router.

There are several useful show commands to look at the RSVP configuration of your router, as well as the dynamic reservation requests. The first of these is the show ip rsvp interface command, which shows information on the reservations that have been made by interface:

Router#show ip rsvp interface

interfac allocate i/f max  flow max per/255 UDP  IP   UDP_IP   UDP M/C

Et0      0M       1M       100K     0  /255 0    2    0        0

To0      50K      1M       100K     12 /255 0    1    0        0

This command shows that there are two interfaces that are currently supporting RSVP reservations, Ethernet0 and TokenRing0. The allocate column shows the amount of bandwidth that has been allocated to active RSVP requests on each interface. In all of these fields, the letter K stands for Kbps and M stands for Mbps. The i/f max column shows the total amount that can be allocated on each of these interfaces, while the flow max shows the maximum that can be requested by any one flow. These are the parameters from the ip rsvp bandwidth interface configuration command.

The remaining columns show information about the actual allocated streams. The per/255 column shows the fraction of the total interface bandwidth that is used by each of these allocations. This is measured as a fraction of 255, as is common for expressing loads on Cisco interfaces. The UDP column shows the number of UDP-encapsulated sessions, IP counts the TCP-encapsulated sessions, and UDP_IP shows the sessions that use both UDP and TCP. The UDP M/C column shows whether the interface is configured to allow UDP reservations.

You can look at individual reservations in detail with the following command:

Router#show ip rsvp installed

RSVP: Ethernet0 has no installed reservations

RSVP: TokenRing0

BPS    To              From            Protoc DPort  Sport  Weight Conversation

50K    192.168.5.5     192.168.1.10    TCP    888    999    4      520

Router#

This shows that the router is currently supporting a 50Kbps TCP session between the two IP addresses that are shown, with the source and destination port numbers, 999 and 888 respectively. The Weight column shows the weighting factor, and Conversation shows the conversation (or flow) number used by WFQ for this queue. If you don't run WFQ on this interface, then both of these values appear as 0.

There is considerable overlap between the information shown in the show ip rsvp installed command and the output with the reservation and sender keywords. However, there are some important additional pieces of information here:

Router#show ip rsvp reservation

To            From          Pro DPort Sport Next Hop      I/F   Fi Serv BPS Bytes

192.168.5.5   192.168.1.10  TCP 888   999   192.168.3.2   To0   FF LOAD 50K   50K

Router#show ip rsvp sender

To              From            Pro DPort Sport Prev Hop        I/F  BPS  Bytes

192.168.5.5     192.168.1.10    TCP 888   999   192.168.1.201   Et0   50K    50K

Router#

With the reservation keyword, you see details about what type of reservation has been made. In this case, FF indicates that this is a Fixed Filter reservation, which means that it contains a single conversation between two end devices. However, RSVP also allows aggregation of flows. If this column says SE, which stands for Shared Explicit Filter, then it represents a shared reservation of unlimited scope. The other option is WF, which stands for Wildcard Filter, and indicates a shared reservation that can only include certain end devices or applications.

With the sender flag, you see the actual path information for the reservation. The Prev Hop and I/F columns here show the address and interface of the previous hop router. The BPS column shows the reserved bandwidth for this session in Kbps, and the Bytes column shows the maximum burst size in Kilobytes.

The show ip rsvp neighbor command simply lists all of the IP addresses of active RSVP neighbors on all interfaces. This command is useful if you want to figure out what devices are making RSVP requests. As we mentioned earlier, since all RSVP requests are made hop-to-hop, it is quite likely that you will see a lot of routers in this list. However, on access routers, this command will help you to see whether the right end devices are making RSVP requests. If there are unauthorized devices in the list, you may want to consider using the ip rsvp neighbor interface configuration command to restrict which devices are allowed to make requests:

Router#show ip rsvp neighbor

Interfac Neighbor        Encapsulation

Et0      192.168.1.10    RSVP

Et0      192.168.1.201   RSVP

To0      192.168.3.2     RSVP

CCIE Bootcamps offer you in essence quite possibly the most effortless procedure of passing out the checks of CCIE. There's several firms quite institutes which provide CCIE Bootcamp training similar to Cathay College. Along with a look at to improve to be eligible for the bootcamps the institutes often times existing a prerequisite. It helps to spice up the prospect of your candidates to maneuver the CCIE exams in a higher way than other people. This prerequisite is referred to as CCNP status.

The related charge for using the CCIE Security exam is substantial, so most candidates go to get a preparation course to cross it in a single sitting. Some impartial organizations and institutions give you courses and workshop to individuals picking CCIE Stability instruction. However, most candidates prefer to take advantage of the instructor-led and on-line workshops, which Cisco provide you with, for a part of Licensed Learning Companions software. The training possible choices are supplied also, the educators are accepted by Cisco.

For that CCIE Protection certification, you have to sign-up for your penned examination in your room of specialization. Every one of the exams are executed on the Cisco approved facility, which also accepts value for that test. The cost of taking a CCIE created examination is from $80 to $325. The penned exam is supervised and executed on the desktop computer. It truly is of 1 or two hrs paper containing a number of choices, drag and drop doubts and fill while in the blanks. Aside from white boards and markers for calculations, like a candidate for CCIE Stability coaching examination, you aren't authorized to carry some other product on the test hall.

CCIE Bootcamp is accompanied which includes a number of methods to provide the simplest planning material on the students. They predominantly present some must-have textbooks to organize them for the prepared CCIE consider a look at collectively with some web-based entry for that Lab exam. Counting on these two categories the CCIE Bootcamps is divided into two sections. The divisions are class construction also, the Lab simulation. The class development includes two phases and they're fingers-on coaching and lectured-based mostly lessons. Inside the class construction the students are presented aided by the information of Little bit splitting, VLSM etc. However the lab simulation is necessary aspect of CCIE Bootcamp. Here the students are subjected to deal with a variety of real-life dilemmas and then the troubleshooting abilities are checked competently. That may be the final phase of CCIE Bootcamps the site the scholars are nicely-prepared for the Blueprintv4, MPLS etcetera. These methodologies assist students to troubleshoot any real-life concerns and enrich the facility to find out the correct methods.

But you'll notice few dependable institutes available obtainable while in the marketplace which provides total CCIE Bootcamps. One in all most properly-renowned institutes is Cathay Faculty which renders exceptionally great establishments just in case of bootcamps for CCIE. They supply bootcamp facilities to exceptionally sizeable amount of college students from multiple corners on the planet like Australia, Norway, United kingdom, Sweden, USA and numerous additional. In accordance while using the research of this institute from 2005, they're sustaining document variety of proportion of passing amount in CCIE test. This file is itself a form of assure for them. There are many leads to to choose out Cathay College for CCIE Bootcamps. The report number of passing price of nearly 90% is among the most interesting operate of it. Apart from it, an individual other remarkable attribute certainly is the one-to-one lab coaching which guide the students to filter out every one of the doubts pertaining to any draw back through the instructors.

The essential related information relating to the bootcamp is available to the reliable company internet site which can be cathayschool.com. It is a particularly practical web site which gives you more than a few placing facilities like on-line Self-Study CCIE Lab Workbooks, one-on-one using the web coaching, Instructor Led exercise and so forth. Each of the facilities and also the program durations together while using the funds are effectively-described right here these which the customers may want to not be required to experience any kind of headache related to CCIE Bootcamps.

Router#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#interface FastEthernet0/0

Router(config-if)#ip rsvp bandwidth 128 56

Router(config-if)#exit

Router(config)#end

Router#

Some network administrators have to worry about unauthorized use of bandwidth reservation. You can control this by specifying an access-list of allowed neighbor devices:

Router#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#access-list 15 permit ip 192.168.1.0 0.0.0.255

Router(config)#interface FastEthernet0/0

Router(config-if)#ip rsvp bandwidth 128 56

Router(config-if)#ip rsvp neighbor 15

Router(config-if)#exit

Router(config)#end

Router#

Note that before you can configure RSVP on an interface, you must first configure the interface for WFQ, CBWFQ, or WRED. This step is not included in this example, to make it easier to focus on the RSVP configuration. For examples of WFQ, CBWFQ, and WRED, please refer to Recipes 11.6, 11.7, and 11.9, respectively.

The first example tells the router to pay attention to RSVP signaling, and defines how much bandwidth can be reserved in the following command:

Router(config-if)#ip rsvp bandwidth 128 56

The first numerical argument, 128, specifies that applications can reserve a maximum aggregate bandwidth of 128 Kbps. The last argument, 56, means that the largest amount that a single application can request is 56 Kbps.

When you use the ip rsvp neighbor command, as in the second example, it is important to remember that this router receives RSVP reservation requests from neighboring devices. If this is an access router, then the neighboring device on the local LAN port could be an end device. But for other routers and other interfaces, it is likely that the RSVP request will come from another router, not from the end device making the initial request. So, for router-to-router connections, it may not be useful to specify an access list because all RSVP requests, legitimate or not, will come from a neighboring router. The best place to control which devices are allowed to reserve bandwidth is on the access router.

There are several useful show commands to look at the RSVP configuration of your router, as well as the dynamic reservation requests. The first of these is the show ip rsvp interface command, which shows information on the reservations that have been made by interface:

Router#show ip rsvp interface

interfac allocate i/f max  flow max per/255 UDP  IP   UDP_IP   UDP M/C

Et0      0M       1M       100K     0  /255 0    2    0        0

To0      50K      1M       100K     12 /255 0    1    0        0

This command shows that there are two interfaces that are currently supporting RSVP reservations, Ethernet0 and TokenRing0. The allocate column shows the amount of bandwidth that has been allocated to active RSVP requests on each interface. In all of these fields, the letter K stands for Kbps and M stands for Mbps. The i/f max column shows the total amount that can be allocated on each of these interfaces, while the flow max shows the maximum that can be requested by any one flow. These are the parameters from the ip rsvp bandwidth interface configuration command.

The remaining columns show information about the actual allocated streams. The per/255 column shows the fraction of the total interface bandwidth that is used by each of these allocations. This is measured as a fraction of 255, as is common for expressing loads on Cisco interfaces. The UDP column shows the number of UDP-encapsulated sessions, IP counts the TCP-encapsulated sessions, and UDP_IP shows the sessions that use both UDP and TCP. The UDP M/C column shows whether the interface is configured to allow UDP reservations.

You can look at individual reservations in detail with the following command:

Router#show ip rsvp installed

RSVP: Ethernet0 has no installed reservations

RSVP: TokenRing0

BPS    To              From            Protoc DPort  Sport  Weight Conversation

50K    192.168.5.5     192.168.1.10    TCP    888    999    4      520

Router#

This shows that the router is currently supporting a 50Kbps TCP session between the two IP addresses that are shown, with the source and destination port numbers, 999 and 888 respectively. The Weight column shows the weighting factor, and Conversation shows the conversation (or flow) number used by WFQ for this queue. If you don't run WFQ on this interface, then both of these values appear as 0.

There is considerable overlap between the information shown in the show ip rsvp installed command and the output with the reservation and sender keywords. However, there are some important additional pieces of information here:

Router#show ip rsvp reservation

To            From          Pro DPort Sport Next Hop      I/F   Fi Serv BPS Bytes

192.168.5.5   192.168.1.10  TCP 888   999   192.168.3.2   To0   FF LOAD 50K   50K

Router#show ip rsvp sender

To              From            Pro DPort Sport Prev Hop        I/F  BPS  Bytes

192.168.5.5     192.168.1.10    TCP 888   999   192.168.1.201   Et0   50K    50K

Router#

With the reservation keyword, you see details about what type of reservation has been made. In this case, FF indicates that this is a Fixed Filter reservation, which means that it contains a single conversation between two end devices. However, RSVP also allows aggregation of flows. If this column says SE, which stands for Shared Explicit Filter, then it represents a shared reservation of unlimited scope. The other option is WF, which stands for Wildcard Filter, and indicates a shared reservation that can only include certain end devices or applications.

With the sender flag, you see the actual path information for the reservation. The Prev Hop and I/F columns here show the address and interface of the previous hop router. The BPS column shows the reserved bandwidth for this session in Kbps, and the Bytes column shows the maximum burst size in Kilobytes.

The show ip rsvp neighbor command simply lists all of the IP addresses of active RSVP neighbors on all interfaces. This command is useful if you want to figure out what devices are making RSVP requests. As we mentioned earlier, since all RSVP requests are made hop-to-hop, it is quite likely that you will see a lot of routers in this list. However, on access routers, this command will help you to see whether the right end devices are making RSVP requests. If there are unauthorized devices in the list, you may want to consider using the ip rsvp neighbor interface configuration command to restrict which devices are allowed to make requests:

Router#show ip rsvp neighbor

Interfac Neighbor        Encapsulation

Et0      192.168.1.10    RSVP

Et0      192.168.1.201   RSVP

To0      192.168.3.2     RSVP

The CCIESecurityTrainingteaching consists of a authored examination to qualify and after that the lab exam. You may be suggested to acquire with the minimum 3-5 decades of project know-how earlier than attempting this certification.

The examination for the CCIE Safety is of two-hour duration with various options. This includes hundred thoughts, which is able to cover subjects equivalent to software protocols, functioning methods, protection technologies, protection protocols, and Cisco protection programs. The exam supplies are furnished within the spot and also you aren't allowed to usher in outdoors reference components.

Network engineers having a CCIE certificates are regarded as since the pro inside the neighborhood engineering self-control in addition to the masters of CISCO goods. The CCIE has brought revolution in the group trade on the subject of technically tricky assignments and possibilities aided by the mandatory instruments and methodologies. There may be a software which updates and reorganizes the instruments to produce quality support. You can get numerous modes of CCIE Schooling like composed examination preparation and performance based lab. This allows to reinforce the efficiency and ordinary in the industry. CISCO has launched this certification policy in 1993 using a see to differentiate the very best pros in the rest.

To be able to be licensed, initially developed examination should be passed subsequent to which has to cross the lab test. CISCO at all periods tries to apply entirely numerous CCIE Exercise procedures for higher efficiency. There are a variety of guidelines for the CCIE certification. The initial step for certification should be to move a two hrs lasting computer based for the most part MCQ oriented authored test. For this exam critical payments have to be finished by the use of from the internet. This examination is affiliated with test vouchers and promotional codes. The authenticity in the voucher giving firm ought to be effectively acknowledged to your candidates. The promotional code must be accessed the right way and in case of fraudulent vouchers along with promotional codes should not appropriate and CISCO is not going to repay the value. The candidates really need to wait 5 days for your prepared examination when cost and so they cannot sit for the identical test for that following 100 eighty days in case of recertification.

Which has a watch to obtain licensed and eligible for the CCIE Teaching some parts are to get remembered correctly. Right after passing the composed examination the candidates possess a nearly all of eighteen months time for striving the lab examination. In case the period of time exceeds then the authenticity of the prepared examination will likely be invalid. For that initial timer used to possess CCIE certification the created examination is obtainable within the kind of Beta examination with special discounts on hand. Around the Beta time period the candidates can sit only the minute for your examination. The outcomes will occur within six to 8 weeks after the examination is in excess of.

The following action for your CCIE certification will be the Lab examination. The shortlisted candidates of your penned examination can solely apply for your fingers-on lab examination. Nevertheless there are numerous published examination centers of CISCO still Lab exam services are confined. It is really an eight hour fingers-on sensible centered mostly examination wherein the ability of troubleshooting and configuring group mainly primarily based complications and application are checked. For your scheduling of Lab examination the shortlisted candidates of this earlier authored exam have to current the identification amount in conjunction with passing score plus the date of passing.

The cost for Lab examination must be cleared earlier than 90 days on the scheduled exam. With out the price the reservation might probably be cancelled. Subsequent to passing the Lab examination combined when using the written test the candidates can utilize for the CCIE certification. By contemplating

There will have to be one thing that defines the various kinds of website traffic that you simply wish to prioritize. Normally, the simpler the distinctions are to help make, the higher. It is because all the checks get router resources and introduce processing delays. The most prevalent rules for distinguishing amongst visitors styles utilize the packet's input interface and effortless IP header answers this sort of as TCP port quantities. The subsequent examples display the right way to set an IP Precedence value of instantaneous (2) for all FTP manage page views that arrives because of the serial0/0 interface, and an IP Precedence of priority (one) for all FTP information customers. This distinction is possible because FTP regulate page views usages TCP port 21, and FTP knowledge usages port twenty.

The newest methodology for configuring this employs class maps. Cisco very first introduced this function in IOS Model twelve.0(five)T. This method initially defines a class-map that specifies how the router will recognize this sort of potential customers. It then defines a policy-map that really helps make the changes with the packet's TOS industry:

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#access-list 101 permit any eq ftp any
Router(config)#access-list 101 permit any any eq ftp
Router(config)#access-list 102 permit any eq ftp-data any
Router(config)#access-list 102 permit any any eq ftp-data
Router(config)#class-map match-all ser00-ftpcontrol
Router(config-cmap)#description branch ftp control traffic
Router(config-cmap)#match input-interface serial0/0
Router(config-cmap)#match access-group 101
Router(config-cmap)#exit
Router(config)#class-map match-all ser00-ftpdata
Router(config-cmap)#description branch ftp data traffic
Router(config-cmap)#match input-interface serial0/0
Router(config-cmap)#match access-group 102
Router(config-cmap)#exit
Router(config)#policy-map serialftppolicy
Router(config-pmap)#description branch ftp traffic policy
Router(config-pmap)#class ser00-ftpcontrol
Router(config-pmap-c)#set ip precedence immediate
Router(config-pmap-c)#exit
Router(config-pmap)#class ser00-ftpdata
Router(config-pmap-c)#set ip precedence priority
Router(config-pmap-c)#exit
Router(config-pmap)#exit
Router(config)#interface serial0/0
Router(config-if)#ip route-cache policy
Router(config-if)#service-policy input serialftppolicy
Router(config-if)#exit
Router(config)#end
Router#

For earlier IOS versions, where class-maps happen to be not obtainable, you've to implement policy-based routing to change the TOS area inside of a packet. Making use of this coverage for the interface tells the router to use this coverage to test all incoming packets on this interface and rewrite those that match the route map:Router#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#access-list 101 permit any eq ftp any
Router(config)#access-list 101 permit any any eq ftp
Router(config)#access-list 102 permit any eq ftp-data any
Router(config)#access-list 102 permit any any eq ftp-data
Router(config)#route-map serialftp-rtmap permit 10
Router(config-route-map)#match ip address 101
Router(config-route-map)#set ip precedence immediate
Router(config-route-map)#exit
Router(config)#route-map serialftp-rtmap permit 20
Router(config-route-map)#match ip address 102
Router(config-route-map)#set ip precedence priority
Router(config-route-map)#exit
Router(config)#interface serial0/0
Router(config-if)#ip policy route-map serialftp-rtmap
Router(config-if)#ip route-cache policy
Router(config-if)#exit
Router(config)#end
Router#

Prior to you can easily tag a packet for amazing procedure, you've got to obtain a particularly distinct strategy of what styles of site traffic really want specific therapy, and precisely what sort of extraordinary procedure they're going to ought. While in the instance, we now have chose to give a special priority to FTP customers obtained on the specified serial interface. We display the best way to do that working with equally the outdated and new configuration methods.
This may look to be a fairly artificial illustration. Just after all, why would you treatment about tagging inbound potential customers that you simply have definitely acquired from a low-speed interface? Realistically, on the list of most critical ideas for utilizing QoS in a network is that it is important to frequently tag the packet as early as is possible, ideally at the edges of this network. Then, because it passes from the network, each and every router only has to investigate the tag, and would not need to do any further classification. In this case, we might be certain which the FTP site traffic returning within the other gouvernement is tagged from the 1st router that receives it. And so the outbound visitors has definitely been tagged, and it is a waste of router sources to reclassify the outbound packets.

A large number of organizations really just take this concept of marking with the edges an individual move even further, and remark each individual obtained packet. This helps to ensure that customers aren't requesting special QoS privileges they are not authorized to own. Then again, you need to be cautious of this as it could possibly every so often disrupt genuine markings. For instance, a real-time software might possibly use RSVP to order bandwidth through the network. It happens to be vital that the packets for this software hold the appropriate Expedited Forwarding (EF) DSCP marking or the network may not deal with them adequately. Nonetheless, additionally you do not desire to permit other non-real-time purposes from this very same source possess the similar EF priority amount. So, in case you are heading to configure your routers to remark all incoming packets on the edges, always make sure you figure out what incoming markings are genuine.

In that circumstance, the routers are operating DLSw to bridge SNA targeted visitors as a result of an IP network. And so the routers by themselves genuinely generate the IP packets. This creates a further challenge seeing that there exists no incoming interface. To make sure that recipe works by using area policy-based routing. The fact which the router generates the packets also presents it an important gain on the grounds that it doesn't have to contemplate any DLSw packets which may just transpire to pass through.

The advantages from the more recent class-map approach aren't clear during this instance, but one of the very first large pros appears in order for you to use the more current DSCP tagging scheme. Because the more mature policy-based routing process won't immediately help DSCP, you have to faux it by setting the two the IP Precedence as well as TOS separately as follows.

Router(config)#route-map serialftp-rtmap permit 10
Router(config-route-map)#match ip address 115
Router(config-route-map)#set ip precedence immediate
Router(config-route-map)#set ip tos max-throughput

In this case, the packet will wind up with an IP Precedence value of immediate, or 2 (010 in binary), and TOS of max-throughput, or 4 (0100 in binary).

Doing the same thing with the class-map method is much more direct:

Router(config)#policy-map serialftppolicy
Router(config-pmap)#class serialftpclass
Router(config-pmap-c)#set ip dscp af21

Class-maps can even be invaluable later on in this chapter when we mention class-based weighted fair queuing and class-based potential customers shaping.
It is necessary to note that in the course of this complete instance, we've only put a wonderful value to the packet's TOS or DSCP discipline. This, by itself, does not have an affect on how the packet is forwarded through the network. To carry out that, you have to be certain that as every single router in the network forwards these marked packets, the interface queues will react appropriately to this particulars.

Eventually, we should always observe that at the same time this recipe shows two advantageous solutions of marking packets, utilising Committed Access Rate (Car or truck) qualities. Autobus tends for being much more efficient on greater velocity interfaces.

Router#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#access-list 101 permit ip any any precedence 5 tos 12

Router(config)#access-list 102 permit ip any any precedence 4

Router(config)#access-list 103 permit ip any any precedence 3

Router(config)#priority-list 1 protocol ip high list 101

Router(config)#priority-list 1 protocol ip medium list 102

Router(config)#priority-list 1 protocol ip normal list 103

Router(config)#priority-list 1 default low

Router(config)#interface Ethernet0

Router(config-if)#priority-group 1

Router(config-if)#exit

Router(config)#end

Router#

As we discuss in Appendix B, priority queues strictly ensure that high priority packets are always handled before lower priority packets. We stress that using pure priority queuing like this is usually a bad idea because the higher priority traffic can take all of the available bandwidth and completely starve all other network traffic. You only want to use this style of queuing when you can be absolutely certain that the aggregate bandwidth of all high priority traffic will never consume the available link bandwidth. This could be the case, for example, if the high priority traffic is shaped before reaching this router, or for applications like Voice over IP (VoIP) that use a relatively constant amount of bandwidth, and don't burst above this constant rate.

The priority-list command has a relatively flexible syntax for identifying what types of traffic will use which queues. However, we prefer the access-list method shown in the example. This is because it gives the greatest range of possibilities for identifying traffic types.

In the example, we use access-list 101 to decide which packets to send to the high priority queue:

Router(config)#access-list 101 permit ip any any precedence 5 tos 12

If you write out the bit patterns for an IP Precedence value of 5 and a TOS of 12, you get 101 and 1100. Combining these together and dropping the last bit gives 101110, which is identical to the Expedited Forwarding (EF) DSCP value. This is typically the DSCP value that is used to mark packets for real-time applications.

Cisco introduced a dscp keyword to the access-list command in IOS Version 12.1(5)T. This allows you to accomplish the same thing with a slightly simpler access list. This access list should also process faster because it only makes one comparison instead of two:

Router(config)#access-list 101 permit ip any any dscp ef

The access-lists that define the other queues also select specific IP Precedence values. This is because we want to carefully limit the amount of processing that the router has to do. The less the access-list has to look at, the better.

Note also that the router will process the priority list in the order that it was entered. In general you will want to keep queuing latency for high priority packets as low as possible. This is why we define the higher priority queues first.

In the example, we also specifically included a command to put any unmatched packets into the low priority queue:

Router(config)#priority-list 1 default low

If we had not included this command, the router would have used the normal priority queue for any unmatched packets by default.

You can look at priority queuing information on an interface with the show interface command:

Router#show interface Ethernet0

Ethernet0 is up, line protocol is up

  Hardware is Lance, address is 0000.0cf0.8460 (bia 0000.0cf0.8460)

  Internet address is 192.168.1.201/24

  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set, keepalive set (10 sec)

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input 00:00:00, output 00:00:00, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0 (size/max/drops); Total output drops: 0

  Queuing strategy: priority-list 1

  Output queue (queue priority: size/max/drops):

     high: 0/20/0, medium: 0/40/0, normal 0/60/0, low 0/80/0

  5 minute input rate 1000 bits/sec, 2 packets/sec

  5 minute output rate 2000 bits/sec, 2 packets/sec

     7390 packets input, 655552 bytes, 0 no buffer

     Received 6687 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     0 input packets with dribble condition detected

     81097 packets output, 6240100 bytes, 0 underruns

     2 output errors, 0 collisions, 7 interface resets

     0 babbles, 0 late collision, 0 deferred

     2 lost carrier, 0 no carrier

     0 output buffer failures, 0 output buffers swapped out

Router#

In this case, you can see that the high-priority queue has a maximum depth of 20 packets. The medium queue can hold 40 packets, normal holds 60, and the low-priority queue can hold 80 packets. This increasing queue depth pattern is necessary to help deal with queue starvation problems. You can modify these default values as follows:

Router(config)#priority-list 1 queue-limit 10 15 25 35

This command sets the depths for all of the queues in increasing order. This particular example would set the high-priority queue to hold a maximum of 10 packets, 15 for the medium queue, 25 for the normal queue, and 35 for the low-priority queue.

Note that the router will automatically use the high-priority queue for critical network control information, such as routing updates and keepalives. If these packets are not sent in a timely fashion, it can disrupt how the network functions. If the router were to put this critical information into a lower priority queue, there would be a danger that higher priority application traffic could starve the lower priority queues, and disrupt routing or possibly even bring down parts of the network. CBWFQ and Cisco's new Low Latency Queuing (LLQ) algorithm offer all of the advantages of Priority Queuing discussed here, and fewer of the disadvantages. We recommend using LLQ instead of Priority Queuing, if your router supports it. Cisco introduced LLQ in IOS level 12.0(6)T.